Facebook, Twitter, Apple and Microsoft: all icons of the information technology industry and all the focus of targeted attacks in Feb 2013. The bad news for us all is, that even those that should be some of the most tech-savvy companies in the world, can fall foul of targeted attacks.
Microsoft admitted: “During our investigation, we found a small number of computers, including some in our Mac business unit, [which] were infected by malicious software……” Microsoft appears not to have been seriously impacted, at least if the aim of the attackers was to steal data, as it goes on to say “We have no evidence of customer data being affected and our investigation is on-going”. The important lesson is that, whilst Microsoft’s defenses were penetrated, it was prepared to acknowledge this and make a statement that its customers’ data remained safe.
The story at Facebook was alike; malware did get on to its devices, but it was confident data was not stolen. Reports about the incident at Apple are similar. Twitter admitted to 250,000 user account details being compromised.
All businesses must accept this: if they become a target, it is very hard to stop determined cybercriminals or hacktivists getting malware on to their systems. What is essential is to ensure that such attacks are identified as soon as possible and that it is hard for the perpetrators to extend their attacks within the impacted networks.
A new research report from Quocirca “The trouble heading for your business” (sponsored by Trend Micro) shows the scale of the problem of targeted attacks across European businesses. The good news is that with all the high-profile reporting, awareness is high. This understanding is also due to the fact that most organizations believe they have been a victim of targeted attacks at some point and in about one-third say there has been a significant impact of some sort.
The report goes on to show that there is an over-reliance on traditional security technology and not enough use being made of more advanced techniques. Whilst Quocirca cannot be sure of how Microsoft, Apple and Facebook are defending themselves, it seems that their security posture is predicated on the fact that attacks will penetrate their defenses but timely detection and multiple layers of security means these attacks can be foiled.
With their high level of interaction with consumers and the need to store personal financial data, Quocirca’s report shows that retailers and financial services organizations are some of the most concerned about the potential impacts of targeted attacks. However, no business can afford to be complacent. With the rise of hacktivism, any organization could unexpectedly become an overnight target.
As another recent Quocirca report “Digital identities and the open business” (sponsored by CA Technologies) shows most businesses are driving more and more value from their online interactions, but this comes at a price. Some of the profit from those interactions must be reinvested in security measures that prepare organizations to respond to increasingly sophisticated and well-targeted attacks on their employees, networks, applications and data. Those that do not face data losses, regulatory fines, damaged competitiveness and in the worst case the collapse of their businesses.